﻿using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using xjjxmm.infrastructure.Authorizations;
using XjjXmm.Infrastructure.Configuration;
using XjjXmm.Infrastructure.Constant;
using XjjXmm.Infrastructure.Jwt;

namespace xjjxmm.infrastructure.compont;

public class AuthenticationCompont : ICompont
{
    public int Order { get; set; } = 600;

   
    public bool Regist(WebApplicationBuilder builder) {
        var jwtConfig = ConfigHelper.GetSection<JwtTokenSetting>(CommonConstant.JwtConfigKey);

        if (jwtConfig == null)
        {
            return false;
        }

        builder.Services.AddAuthentication(x =>
        {

            //看这个单词熟悉么？没错，就是上边错误里的那个。
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })// 也可以直接写字符串，AddAuthentication("Bearer")
            .AddJwtBearer(o =>
            {
                //var keyByteArray = System.Text.Encoding.ASCII.GetBytes(jwtConfig.Secret);
                //var signingKey = jwtConfig.IssuerSigningKey;

                //var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

                o.TokenValidationParameters = new TokenValidationParameters
                {
                    //ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256, SecurityAlgorithms.RsaSha256 },
                    //ValidTypes = new[] { JwtConstants.HeaderType },

                    ValidateIssuerSigningKey = true,//是否验证IssuerSigningKey 
                    IssuerSigningKey = jwtConfig.IssuerSigningKey,//参数配置在下边

                    ValidateIssuer = true,   //是否验证Issuer
                    ValidIssuer = jwtConfig.Issuer,//发行人


                    ValidateAudience = true,//是否验证Audience 
                    ValidAudience = jwtConfig.Audience,//订阅人

                    ValidateLifetime = true,//是否验证超时  当设置exp和nbf时有效 同时启用ClockSkew 
                                            //ClockSkew = TimeSpan.Zero,//这个是缓冲过期时间，也就是说，即使我们配置了过期时间，这里也要考虑进去，过期时间+缓冲，默认好像是7分钟，你可以直接设置为0
                    ClockSkew = jwtConfig.GetClickSkew(),

                    RequireExpirationTime = true,
                };

            });


        return false;
    }

    public bool Use(WebApplication app)
    {
        //认证
        app.UseAuthentication();

        return true;
    }
}
